[Secure-testing-commits] r14852 - data/CVE
Nico Golde
nion at alioth.debian.org
Thu Jun 10 15:58:36 UTC 2010
Author: nion
Date: 2010-06-10 15:58:35 +0000 (Thu, 10 Jun 2010)
New Revision: 14852
Modified:
data/CVE/list
Log:
- CVE-2009-4855 fixed in typo3-src 4.2.5-1+lenny3
- NFU
- freeradius in Debian doesn't seem to be affected by CVE-2010-0524
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-06-10 14:56:08 UTC (rev 14851)
+++ data/CVE/list 2010-06-10 15:58:35 UTC (rev 14852)
@@ -877,8 +877,9 @@
CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...)
NOT-FOR-US: PHP Easy Shopping Cart
CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...)
- - typo3-src <undetermined>
- TODO: check
+ - typo3-src 4.2.5-1+lenny3
+ NOTE: I have on idea when this was fixed, 4.2.5-1+lenny3 is the version currently in lenny
+ NOTE: which is not affected by this bug
CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...)
NOT-FOR-US: TalkBack
CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...)
@@ -2011,7 +2012,7 @@
- texlive-bin 2009-6 (low; bug #580668)
[lenny] - texlive-bin <no-dsa> (minor issue)
CVE-2010-1439 (yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) ...)
- TODO: check
+ NOT-FOR-US: Red Hat Network Client Tools
CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames ...)
- wafp <itp> (bug #562949)
CVE-2010-1437 (Race condition in the find_keyring_by_name function in ...)
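Review bot: The new `NOT-FOR-US: Red Hat Network Client Tools` line for CVE-2010-1439 names the product suite, but the CVE description identifies yum-rhn-plugin as the affected component. Naming yum-rhn-plugin in the NOT-FOR-US line would make it clear which package was looked for in the archive. The log message records this change only as "NFU"; including the CVE id there would make the revision easier to find later.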
@@ -4610,7 +4611,7 @@
NOT-FOR-US: Apple QuickTime
CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is ...)
- dovecot <undetermined>
- NOTE: is this CVE-2009-3897?
+ NOTE: no reference or information found for this bug, contacted apple security
TODO: check
CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the ...)
NOT-FOR-US: Apple Wiki Server
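Review bot: Removing `NOTE: is this CVE-2009-3897?` from the CVE-2010-0535 entry drops the open duplicate question without recording an answer. The replacement note says no reference was found and Apple security was contacted, which does not say whether CVE-2009-3897 was ruled out. Either keep the old NOTE next to the new one or state the outcome of that comparison, so that the remaining `TODO: check` has context. This change is also missing from the log message.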
@@ -4633,9 +4634,7 @@
CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...)
NOT-FOR-US: Apple Mail
CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X ...)
- - freeradius <undetermined>
- NOTE: very likely os X specific (problem in their default settings), but needs checked
- TODO: check
+ - freeradius <not-affected> (Apple specific configuration issue)
CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types ...)
NOT-FOR-US: Apple Wiki Server
CVE-2010-0522 (Server Admin in Apple Mac OS X Server 10.5.8 does not properly ...)
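Review bot: The new `- freeradius <not-affected> (Apple specific configuration issue)` line for CVE-2010-0524 states a definite result, but the log message only says freeradius "doesn't seem to be affected" and the removed NOTE said the Debian default settings still needed checking. Add a NOTE recording what was compared in Debian's default FreeRADIUS configuration, so the `<not-affected>` status can be verified later without redoing the analysis.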